ECIIA believes that the crisis has raised the questions about the appropriateness of the culture at the top of some organisations. In future, the culture needs to recognise the importance of ensuring that risks are fully identified and quantified; that risk appetite is addressed in a meaningful way; that risks are managed and mitigated systematically; and finally that comprehensive independent assurance measures are both in place and effective.
Also it would seem that boards and audit committees did not adequately either understand or execute properly their role and responsibilities with regard to risk, and may not have been aware of the range and scope of risk. As a result, public trust in the banking sector was undermined by the high risk strategies run by many institutions, which ultimately caused their downfall.
While the majority if not all of the organisations affected by the crisis will have had internal audit in some form, these problems of culture and awareness may have inhibited internal audit from being able to ensure that the governance of financial institutions was effective and that holistic risk mitigation measures were in place and effective. Effective internal audit regimes would have given warning about the appropriateness of the risk profiles of the institutions which failed, although those warnings may not have been heeded given the expectations, common culture and herd instinct of the sector.
Overall therefore, the ECIIA believes that a debate on reforming the structure of the banking sector should include in its discussions the role and the scope of effective internal audit regimes as a major contributor to increased financial stability - especially as the report deals with the role of the banks´ risk management function and the need to improve corporate governance. Both must be underpinned by an independent and strong internal audit function, which should be supported by respective regulatory initiatives. The Basel Committee on Banking Supervision recently made an important step, issuing its supervisory guidance, “The internal audit function in banks”. This guidance is built around 20 principles that seek to promote a strong internal audit function in banks. It forces banks and their boards to recognise that their internal audit function is a key component of a bank´s sound governance framework, and to listen more carefully to its warning bells. It also encourages bank internal auditors to comply with the international professional standards of the IIA, which guarantee high professionalism and ethics. ECIIA feels this report on reforming the structure of the EU banking sector would be considerably strengthened if it were to recognise the vital role that internal audit can play, taking account of its comments, and including appropriate appendices with regard to internal audit.
The ECIIA supports the “Three Lines of Defence” (3LoD) - model as a benchmark for future regulatory guidance. This model has been increasingly applied to corporate governance, and particularly risk management, over recent years. The ECIIA finds that it is a useful tool to explain and demonstrate the different roles in governance and risk management, the interplay between them and how they fit together to provide stronger corporate governance.
As noted earlier, in 2012 the Basel Committee on Banking supervision has updated its guidance for supervisors for assessing the adequacy of the internal audit function in banks. This guidance - which refers to the ethical and professional standards of the IIA - should make it harder for the board to ignore advice given by their internal auditors or claim not to have been informed. Any analysis of the history of the crises which has the aim of developing ideas for structural reforms to avoid future vulnerabilities needs to consider the tools banks and supervisors have to assess and guide banks. The exceptional - and difficult – function of internal audit as independent assessor, advisor, defender and protector cannot be stressed enough.
To facilitate considerations regarding the role of internal audit in contributing to financial stability in the banking sector, ECIIA attaches some concrete suggestions where and how to implement reforms. While small in number they will greatly enhance the impact of the report.
Press release
Comment letter
© ECIIA
Key
Hover over the blue highlighted
text to view the acronym meaning
Hover
over these icons for more information
Comments:
No Comments for this Article